USN-3583-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu12.04 ESM.

It was discovered that an out-of-bounds write vulnerability existed in theFlash-Friendly File System (f2fs) in the Linux kernel. An attacker couldconstruct a malicious file system that, when mounted, could cause a denialof service (system crash) or possibly execute arbitrary code.(CVE-2017-0750)

It was discovered that a race condition leading to a use-after-freevulnerability existed in the ALSA PCM subsystem of the Linux kernel. Alocal attacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that the KVM implementation in the Linux kernel allowedpassthrough of the diagnostic I/O port 0x80. An attacker in a guest VMcould use this to cause a denial of service (system crash) in the host OS.(CVE-2017-1000407)

Bo Zhang discovered that the netlink wireless configuration interface inthe Linux kernel did not properly validate attributes when handling certainrequests. A local attacker with the CAP_NET_ADMIN could use this to cause adenial of service (system crash). (CVE-2017-12153)

Vitaly Mayatskikh discovered that the SCSI subsystem in the Linux kerneldid not properly track reference counts when merging buffers. A localattacker could use this to cause a denial of service (memory exhaustion).(CVE-2017-12190)

It was discovered that the key management subsystem in the Linux kernel didnot properly restrict key reads on negatively instantiated keys. A localattacker could use this to cause a denial of service (system crash).(CVE-2017-12192)

It was discovered that an integer overflow existed in the sysfs interfacefor the QLogic 24xx+ series SCSI driver in the Linux kernel. A localprivileged attacker could use this to cause a denial of service (systemcrash). (CVE-2017-14051)

Otto Ebeling discovered that the memory manager in the Linux kernel did notproperly check the effective UID in some situations. A local attacker coulduse this to expose sensitive information. (CVE-2017-14140)

It was discovered that the ATI Radeon framebuffer driver in the Linuxkernel did not properly initialize a data structure returned to user space.A local attacker could use this to expose sensitive information (kernelmemory). (CVE-2017-14156)

ChunYu Wang discovered that the iSCSI transport implementation in the Linuxkernel did not properly validate data structures. A local attacker coulduse this to cause a denial of service (system crash). (CVE-2017-14489)

James Patrick-Evans discovered a race condition in the LEGO USB InfraredTower driver in the Linux kernel. A physically proximate attacker could usethis to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2017-15102)

ChunYu Wang discovered that a use-after-free vulnerability existed in theSCTP protocol implementation in the Linux kernel. A local attacker coulduse this to cause a denial of service (system crash) or possibly executearbitrary code, (CVE-2017-15115)

It was discovered that the key management subsystem in the Linux kernel didnot properly handle NULL payloads with non-zero length values. A localattacker could use this to cause a denial of service (system crash).(CVE-2017-15274)

It was discovered that the Bluebooth Network Encapsulation Protocol (BNEP)implementation in the Linux kernel did not validate the type of socketpassed in the BNEPCONNADD ioctl(). A local attacker with the CAP_NET_ADMINprivilege could use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2017-15868)

Andrey Konovalov discovered a use-after-free vulnerability in the USBserial console driver in the Linux kernel. A physically proximate attackercould use this to cause a denial of service (system crash) or possiblyexecute arbitrary code. (CVE-2017-16525)

It was discovered that the netfilter passive OS fingerprinting (xt_osf)module did not properly perform access control checks. A local attackercould improperly modify the systemwide OS fingerprint list.(CVE-2017-17450)

It was discovered that the HMAC implementation did not validate the stateof the underlying cryptographic hash algorithm. A local attacker could usethis to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2017-17806)

Denys Fedoryshchenko discovered a use-after-free vulnerability in thenetfilter xt_TCPMSS filter of the Linux kernel. A remote attacker could usethis to cause a denial of service (system crash). (CVE-2017-18017)

It was discovered that an integer overflow vulnerability existing in theIPv6 implementation in the Linux kernel. A local attacker could use this tocause a denial of service (infinite loop). (CVE-2017-7542)

Tommi Rantala and Brad Spengler discovered that the memory manager in theLinux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protectionmechanism. A local attacker with access to /dev/mem could use this toexpose sensitive information or possibly execute arbitrary code.(CVE-2017-7889)

Mohamed Ghannam discovered a use-after-free vulnerability in the DCCPprotocol implementation in the Linux kernel. A local attacker could usethis to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2017-8824)

Mohamed Ghannam discovered a null pointer dereference in the RDS (ReliableDatagram Sockets) protocol implementation of the Linux kernel. A localattacker could use this to cause a denial of service (system crash).(CVE-2018-5333)

èéŸé£ discovered that a race condition existed in loop block deviceimplementation in the Linux kernel. A local attacker could use this tocause a denial of service (system crash) or possibly execute arbitrarycode. (CVE-2018-5344)

Update instructions:

The problem can be corrected by updating your system to the followingpackage versions:

After a standard system update you need to reboot your computer to makeall the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.